Client[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

Reason

zip: not a valid zip file

General

Target

Client.rar
Size

7.6MB
MD5

45eabeea998ac89b7973681c6a6ee4ef
SHA1

d58ddc623dc76a055e85e390bc689ac0f7d49255
SHA256

e9ae335cdbcd6abea623cb69833c098a66c34f5c9eb98ff7f470c11aee099c32
SHA512

6686f5806f6018bc835d4b32004caf06d3d7ee1b265f4cb1be02dd5f1f625a82b7b796bead7f88becefd0cc12fc617d6214bfa2c2f08f71520308ac2c90235e2
SSDEEP

196608:wzOyxoxLgtwypuD9n+BzXVolnLeuczaVwE0aipczC/lIbYVUbGV4ID:cxcgL8n+BDoLzczaVw4u/ubRCqID

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Loader/Loader.exe
unpack001/Loader/bin/UbuilderB.dll
unpack001/Loader/bin/UbuilderS.dll

Files

Client.rar
.rar

Password: 888
Loader/Instruction.txt
Loader/Loader.exe
.exe windows:6 windows x86

Password: 888

2d720d38a8fbabead5b576804bc154eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetClipCursor

ole32

CoGetApartmentType
CoGetObjectContext

advapi32

RegDisablePredefinedCacheEx

kernel32

GetProcessHeap
SetStdHandle
HeapSize
CreateFileW
CreateSymbolicLinkW
FreeConsole
RaiseException
CloseHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
RtlCaptureStackBackTrace
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
SetFileInformationByHandle
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
WriteConsoleW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
SetEnvironmentVariableW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapFree
SetConsoleCtrlHandler
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

_LoadEnvironment@0

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 803KB - Virtual size: 803KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Loader/Loader.js
Loader/Newtonsoft.Json.dll
Loader/bin/UbuilderB.dll
.exe windows:4 windows x86

Password: 888

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_onexit
_open
_read
_setmode
_stat
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
puts
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Loader/bin/UbuilderS.dll
.exe windows:4 windows x86

Password: 888

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_onexit
_open
_read
_setmode
_stat
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
puts
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Loader/bin/scv.jar
Loader/packages/key_datas
Loader/packages/prefix
Loader/packages/settingss
Loader/user_data/cache/version
Loader/user_data/media_cache/version
Loader/xNet.dll

Sharing

Errors

General

Malware Config

Signatures

Files

Password: 888

Password: 888

2d720d38a8fbabead5b576804bc154eb

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 756KB - Virtual size: 755KB

.rdata Size: 803KB - Virtual size: 803KB

.data Size: 436KB - Virtual size: 444KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.reloc Size: 33KB - Virtual size: 33KB

Password: 888

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 35KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

Password: 888

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 35KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 756KB - Virtual size: 755KB

.rdata
Size: 803KB - Virtual size: 803KB

.data
Size: 436KB - Virtual size: 444KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB